A great time was had by all at the 2017 MacMAD Christmas party. We had about 25 people show up. The party was in lieu of a meeting. As usual, there will be no meetings in December. Merry Christmas, Happy New Year, and we’ll see you in January. The January help meeting will be Jan 3rd, and the program meeting will be the 16th.

Our MacMAD meeting topic this month is iTunes. There are some interesting changes in the latest version. In particular, Apple has removed the purchase and management of iOS Apps from iTunes. This is a good step in the right direction to make iTunes less complicated and more focused.

Two-Factor Authentication and One-Time Passwords

MacMAD Meeting Topic for June 20, 2017

Your Apple ID is your single set of credentials for everything from Apple, including:

Email

iCloud files, calendars, contacts, etc.

Photos

Purchases on the iTunes Store

Buying hardware on the Apple Store

This is pretty important stuff, right? You don’t want your credentials to fall into the wrong hands! Until recently, those credentials consisted of only your username and password, which seldom change. If a bad guy got hold of those, he’d have complete access to your Apple identity.

To help prevent that, Apple set up Two-Factor Authentication (2FA). With 2FA, in addition to username and password, you must also give a verification code. Verification codes are sent to your phone or other trusted device. The verification code is different each time you log on.

Two-Factor Authentication is optional for users. However, you may now be forced to use it if you use certain apps — those which access your iCloud account.

Some apps require access to your files in iCloud, and therefore need your iCloud credentials to do so. This is fine, but you don’t want them to have the keys to your entire kingdom, do you? You don’t want a calendar app to order a new Macintosh, or delete your photos.

To control such apps, Apple now requires them to access iCloud using a one-time password. This lets them bypass 2FA, but with a special password that is usable only by that app, for limited purposes. Once you give a one-time password to an app, and it uses it, it can never be used again for any other purpose.

You do not need to store or remember one-time passwords. If for some reason you need to re-authorize an app, you can simply generate a new one-time password for it. Dennis explains how to do all this in these slides from this month’s meeting: